SECURITY MONITORING OF NETWORK CONNECTIONS USING METRICS DATA
First Claim
1. A computer-implemented method, comprising:
- analyzing network traffic data for a network connection associated with a computing device;
identifying one or more network traffic metrics for the network connection based on the network traffic data;
determining that the network connection corresponds to at least one network connection profile based on the one or more network traffic metrics;
detecting a potential security threat for the network connection based on the one or more network traffic metrics and the at least one network connection profile; and
initiating a mitigation action with respect to the network connection in response to detecting the potential security threat.
1 Assignment
0 Petitions
Accused Products
Abstract
Various embodiments of the present invention set forth techniques for security monitoring of a network connection, including analyzing network traffic data for a network connection associated with a computing device, identifying one or more network traffic metrics for the network connection based on the network traffic data, determining that the network connection corresponds to at least one network connection profile based on the one or more network traffic metrics, detecting a potential security threat for the network connection based on the one or more network traffic metrics and the at least one network connection profile, and initiating a mitigation action with respect to the network connection in response to detecting the potential security threat. Advantageously, the techniques allow detecting potential security threats based on network traffic metrics and categorizations, without requiring monitoring of the content or the total volume of all traffic exchanged via the connection.
-
Citations
30 Claims
-
1. A computer-implemented method, comprising:
-
analyzing network traffic data for a network connection associated with a computing device; identifying one or more network traffic metrics for the network connection based on the network traffic data; determining that the network connection corresponds to at least one network connection profile based on the one or more network traffic metrics; detecting a potential security threat for the network connection based on the one or more network traffic metrics and the at least one network connection profile; and initiating a mitigation action with respect to the network connection in response to detecting the potential security threat. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
-
-
14. A non-transitory computer-readable storage medium including instructions that, when executed by a processor, cause the processor to identify attack behavior based on scripting language activity, by performing the steps of:
-
analyzing network traffic data for a network connection associated with a computing device; identifying one or more network traffic metrics for the network connection based on the network traffic data; determining that the network connection corresponds to at least one network connection profile based on the one or more network traffic metrics; detecting a potential security threat for the network connection based on the one or more network traffic metrics and the at least one network connection profile; and initiating a mitigation action with respect to the network connection in response to detecting the potential security threat. - View Dependent Claims (15, 16, 17, 18, 19, 20, 21, 22)
-
-
23. A computing device, comprising:
-
a memory that includes a security monitoring program; and a processor that is coupled to the memory and, when executing the security monitoring program, is configured to; analyze network traffic data for a network connection associated with a computing device; identify one or more network traffic metrics for the network connection based on the network traffic data; determine that the network connection corresponds to at least one network connection profile based on the one or more network traffic metrics; detect a potential security threat for the network connection based on the one or more network traffic metrics and the at least one network connection profile; and initiate a mitigation action with respect to the network connection in response to detecting the potential security threat. - View Dependent Claims (24, 25, 26, 27, 28, 29, 30)
-
Specification